feat(phase-19): add remediation fields and reports system (T-130, T-131)

backend/app/routers/tests.py

@@ -40,6 +40,7 @@ from app.schemas.test import (
     TestBlueUpdate,
     TestRedValidate,
     TestBlueValidate,
+    TestRemediationUpdate,
 )
 from app.schemas.test_template import TestTemplateInstantiate
 from app.services.audit_service import log_action
@@ -211,6 +212,7 @@ def create_test_from_template(
         platform=template.platform,
         procedure_text=template.attack_procedure,
         tool_used=template.tool_suggested,
+        remediation_steps=template.suggested_remediation,
         created_by=current_user.id,
         state=TestState.draft,
     )
@@ -520,6 +522,40 @@ def reopen(
     return test
 
 
+# ---------------------------------------------------------------------------
+# PATCH /tests/{id}/remediation  —  update remediation fields
+# ---------------------------------------------------------------------------
+
+
+@router.patch("/{test_id}/remediation", response_model=TestOut)
+def update_remediation(
+    test_id: uuid.UUID,
+    payload: TestRemediationUpdate,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+):
+    """Update remediation fields on a test (any authenticated user)."""
+    test = _get_test_or_404(db, test_id)
+
+    update_data = payload.model_dump(exclude_unset=True)
+    for field, value in update_data.items():
+        setattr(test, field, value)
+
+    db.commit()
+    db.refresh(test)
+
+    log_action(
+        db,
+        user_id=current_user.id,
+        action="update_remediation",
+        entity_type="test",
+        entity_id=test.id,
+        details={"updated_fields": list(update_data.keys())},
+    )
+
+    return test
+
+
 # ---------------------------------------------------------------------------
 # GET /tests/{id}/timeline  —  audit history for this test
 # ---------------------------------------------------------------------------